On 31Jan24 09:01-0800, Quanah Gibson-Mount wrote:
>
> Note that contrib modules are explicitly not maintained by the Project.
> You'll need to find someone in the community to fix these issues for you.
>
> I'd also wonder why you're not using the official OTP overlay:
>
> <https://www.openldap.org/software/man.cgi?query=slapo-otp&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html>
>
> which is maintained by the project.

The reason was that we use it as a TOTP-only solution. I had a test setup with slapo-otp as well, but this module required userPassword + TOTP, IIRC; where we cannot not have userPassword.

Our setup is to use TOTP as 2FA for ssh logins against the centralized LDAP infrastructure. The ssh-login 1FA is ssh pubkey (also in LDAP) and 2FA is TOTP. To achieve this we use a PAM module which does an ldapbind against the user-DN which has the userPassword schema '{TOTP1}'.

Maybe I am wrong or outdated here and slapo-otp also supports TOTP-only authentication now?

Cheers,
--
Bastian Tweddell
Juelich Supercomputing Centre
High Performance Systems
phone: +49 (2461) 61-6586